SQL: How to kill sessions in bulk

Thanks. After review grid document, I found this post and the Audit_Trail post. I monitor for all connection attempts, encryption level used during connections and also open/inactive sessions. It was the inactive sessions that highlighted the need to kill off inactive sessions regularly. I realized that a long standing control in Development might not work as intended. When third party support allowed to connect for the day — Development disables all accounts every night and expects vendor to request again if they need to work the next day. Thinking about your session kill idea, I thought there might be a case where a PL/SQL tab from that support person connected, and was ‘left open’ as the support person just kept opening tabs as they completed work for other clients. My audit trail will show session as inactive, but I assumed there was no reason for it to automatically disconnect unless I am missing something. Risk prevention: How to prevent the third party from gaining access even if original DB user was disabled? Wouldn’t re-authentication of disabled user be bypassed if third party support still had an inactive session defined (assumes site-to-site VPN connectivity was still working)? Development just disables the db user account until a new support access request comes in. I have solved the network side (no direct access, must go through local jump server with MFA, etc. and eliminates concern that third party support had any session to our DB as queries only run what’s allowed in controlled session on jump station or in scripts on DB servers that are vetted. However, I still feel it would be good to run a job to kill sessions for any user in the group of ‘vendor db users’ ‘just in case’. Your article “sql-how-to-kill-sessions-in-bulk” was just an extra on your blog that I found looking for 12c to 19c migration. Larry Background: Outside of server and DB log forwarding (MSSP/MDR), I created my own oversight to confirm what logon success/failures, what does open/inactive session look like over time, and what is the level of encryption current and legacy clients use to connect with (a pre-19c checklist for when all connections will be encrypted or firewalled). The audit_access_attempts database provided lots of insight (including IP address, etc.). See Header from export file: “TIMESTAMP”,”DBNAME”,”OS_PROCESS”,”OS_USERNAME”,”HOST”,”DB_USER”,”TERMINAL”,”Additional Info.”,”RETURNCODE”. It was what I expected it to be and ensured we knew of any connections (successful or not) and whether expected behaviors and all that good stuff was working. But then I started to audit sessions — a little trickier — I started to see inactive sessions from ‘disabled third party support accounts’ still present. So your article above was on point on how to kill sessions, I need the same but with a little more restrictions